🎉 Ends Today! Unlock up to 35% with our Black Friday lifetime discount before its gone! 🎉
🎉 Unlock up to 35% with our Black Friday discount for a limited time! 🎉
Security
Our Commitment to Security
At CheckView, safeguarding your data is among our highest priority. We believe in transparency about how your data is stored, used, and accessed. Should you have any questions regarding our security measures or policies, please reach out to us via our Support page. If you identify any vulnerabilities in our services, please contact us through the provided channels.
Data Access in CheckView
CheckView adheres to best internet security practices, ensuring your data remains safe and accessible only to authorized personnel. Unless you opt to share it publicly, your data is strictly confidential. We enforce secure HTTPS for all website interactions, including unauthenticated areas. API communications are secured with SSL, and we use HTTP Strict Transport Security to prevent insecure connections. Each user in your organization is given a unique username (email address) and password to access organizational data. Additionally, we offer two-factor authentication for all accounts on all plans.
Data Storage in CheckView
CheckView utilizes Google Cloud services for hosting, ensuring robust security for our infrastructure. We follow Google’s best practices for cloud architecture, with more details available in the Google Security Documentation.
CheckView stores browser actions for tests, including website logins. Note that test steps and test data are not encrypted in our database. Test data is stored as plain text, and although we secure our servers and database rigorously, a breach would make this data accessible. Hence, we strongly advise against using live credentials or sensitive data in tests.
For tests requiring account logins, use dummy data or staging servers. If production application logins are necessary, create a dedicated account for CheckView without sensitive data. Avoid using personal credentials.
Encryption of test values poses challenges due to the nature of browser testing. Plain text values are essential for input fields, making typical password hashing unfeasible. Even encrypted values need to be sent in plaintext for automation. Potential exposure through logs, screenshots, or videos during tests makes storing sensitive data risky. Therefore, we recommend not storing sensitive credentials with us. While this may limit some companies from using our service, we prioritize security and transparency.
CheckView WordPress Plugin
The CheckView WordPress plugin has undergone an independent audit to ensure it meets the highest security standards. Our commitment to security extends to every aspect of our service, and this audit confirms that the plugin adheres to best security practices. The audit thoroughly examined our plugin’s code, architecture, and data handling processes to ensure they are robust and secure.
Key areas of focus included:
- Code Review: Ensuring the plugin’s code is free from vulnerabilities and adheres to secure coding practices.
- Data Handling: Verifying that data processed by the plugin is managed securely, with proper encryption and access controls.
- Authentication and Authorization: Confirming that the plugin correctly implements authentication and authorization mechanisms to prevent unauthorized access.
Our CheckView WordPress plugin utilizes modern, secure token-based authentication to ensure a secure connection between the plugin and CheckView. All communication between the plugin and CheckView servers is encrypted using HTTPS, ensuring data integrity and confidentiality. Security is an ongoing process, and we are committed to continuously monitoring and improving the security of our plugin. We regularly update the plugin to address any new vulnerabilities and to incorporate the latest security enhancements.
CheckView Employee Access
CheckView employees access your account data only under specific circumstances:
- You request support and grant explicit access permission through the support conversation.
- Our engineering team identifies a security issue or system interruption caused by a specific resource.
- We suspect abusive behavior from a resource or account.
Contacting CheckView Securely
For security concerns or vulnerability reports, email our team at [email protected]. We review and respond promptly, requesting non-disclosure until the issue is resolved.
You can also report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities.
Report a security vulnerability